I have looked around a bit online and have seen several options in products like ZAP, Burp, AppScan, Acunetix, etc. I wanted to see what some of you might recommend for a good enterprise-class web vulnerability scanner? I would be looking for something that could scale to ongoing scanning of around 150-250 medium to large websites. These websites would range from having HTML, Flash, JavaScript, AJAX, and recently HTML5 incorporated in them. I use ZAP and Burp more for pentests, as I am not sure they would scale or are even meant for scanning a large number of sites in an ongoing fashion.

We already have AppScan, but I have been finding that it seems to be limited, and I have been having issues with recording login sessions as the browsers aren't supported even though my version of AppScan is fully up to date. Also, with large websites I find that it hangs a lot, and I tend to receive a fair amount of out-of-memory errors, and the application crashes and I have to start the scan all over.

This is kind of a tough situation because most of these products are crappy. Burp is the best, but only for one site at a time. It doesn't do well even with large, single sites.

The problem you're going to face is that the "right" product you find that can handle such a huge workload is probably going to give you the same marginal results, at best.

The only product that really comes to mind that you might want to consider is Nexpose. It does web app scanning, although I'm not sure how well, and it can get pricey, but it's worth a look. You can schedule and it seems to perform well on larger engagements. I was also going to say AppScan, but you already don't like that product.

I've looked everywhere and can't find how to delete the .MDX files that are generated on my web server. I can find code for the desktop and even the delete-on-exit code. The problem is that this is a web project and doesn't ever exit. The other day I had over 7k of the .MDX files. How can I make them go away?